Title of invention Permission re-delegation prevention
Abstract Methods and systems for preventing permission re-delegation among applications are disclosed herein. The method includes accepting a message requesting access to a user-controlled resource from a requester application at a deputy application and reducing a first permissions list of the deputy application to a second permissions list. The second permissions list includes an overlap of permissions between the deputy application and the requester application. Moreover, the method also includes sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource.
Publication number US8893268(B2) Publication date 2014.11.18
Application number US201113296252 Filing date 2011.11.15
Applicant Microsoft Corporation Inventors Felt Adrienne Porter;Wang Helen Jiahe;Moshchuk Alexander
Classification G06F9/54;H04L29/06;G06F21/62;G06F21/60 Main classification G06F9/54
Agency Agent Choi Dan;Fashokun Sade;Minhas Micky
Independent claim 1. A method for preventing permission re-delegation among applications, comprising: accepting a message requesting access to a user-controlled resource from a requester application at a deputy application; reducing a first permissions list of the deputy application to a second permissions list, wherein the second permissions list comprises an overlap of permissions between the deputy application and the requester application; sending the message from the deputy application to a computing system via an application programming interface (API), wherein the computing system is configured to reject the message if the second permissions list of the deputy application does not permit access to the user-controlled resource; and rejecting a second message requesting access to the user-controlled resource if a third permissions list comprising an overlap of the second permissions list and a permissions list of a second requester application does not permit access to the user-controlled resource.
Address Redmond WA US
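The permission reduction described in the abstract and claim 1, modelled as an added example (not code from the patent or from Microsoft). The permission names, the resource map and the `App`, `handle` and `system_api_call` names are assumptions made for illustration; the second message shows the cumulative "third permissions list" case from the claim.

```python
from dataclasses import dataclass, field

# Constructed permission names and resource map, for illustration only.
RESOURCE_PERMISSION = {"camera": "CAMERA", "contacts": "READ_CONTACTS"}

@dataclass
class App:
    name: str
    granted: frozenset                         # first permissions list
    effective: frozenset = field(init=False)   # current, possibly reduced, list

    def __post_init__(self):
        self.effective = self.granted

    def accept_message(self, requester_perms):
        """Reduce the current list to its overlap with the requester's list."""
        self.effective = self.effective & frozenset(requester_perms)
        return self.effective

def system_api_call(app, resource):
    """The computing system checks the caller's reduced list, not its original grant."""
    return RESOURCE_PERMISSION[resource] in app.effective

def handle(deputy, requester, resource):
    """Deputy accepts the requester's message, then forwards it to the system API.
    Assumption: a requester presents its own current (effective) list."""
    deputy.accept_message(requester.effective)
    return system_api_call(deputy, resource)

def demo():
    deputy = App("deputy", frozenset({"CAMERA", "READ_CONTACTS"}))
    req_a = App("requester_a", frozenset({"CAMERA"}))
    req_b = App("requester_b", frozenset({"READ_CONTACTS"}))
    # First message: second list = {CAMERA, READ_CONTACTS} & {CAMERA} = {CAMERA}
    first = handle(deputy, req_a, "camera")
    # Second message: third list = {CAMERA} & {READ_CONTACTS} = {} so it is rejected,
    # although the deputy's original grant and req_b both include READ_CONTACTS.
    second = handle(deputy, req_b, "contacts")
    return first, second, deputy.effective

def confused_deputy_attempt():
    """A requester holding no CAMERA permission cannot borrow the deputy's."""
    deputy = App("deputy", frozenset({"CAMERA"}))
    unprivileged = App("unprivileged", frozenset())
    return handle(deputy, unprivileged, "camera")

if __name__ == "__main__":
    print(demo())
    print(confused_deputy_attempt())
```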